macOS – OSX Dok Malware

Check Point research recently found new malware affecting all versions of macOS 10 operating systems. This malware, named OSX Dok, is propagated via email phishing. If your Mac becomes infected, an attacker can take complete control of your communications.

This includes Secure Sockets Layer (SSL) traffic: your traffic is redirected to a proxy server. The malware is located in a file. Once executed, it copies itself to your /Users/Shared folder.

Some shell commands are then executed. A fake error message pops up claiming:

"The file Document could not be opened. It may be damaged or use a file format that Preview doesn't recognize"

If AppStore exists, then the malware will delete the current version and create a new one. This bogus AppStore process will start up each time at boot. The malware will force you to enter your password to install further software.

Eventually, the malware will obtain root privileges and transfer your communications data via the Tor and socat proxy tools. This can allow an attacker to perform a man-in-the-middle attack and impersonate you on the Internet.

This malware is deleted upon completion.
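Because the malware is deleted once it finishes, a check has to look for the other indicators named above. The following is an added triage example, not code from Check Point or from this post. It flags an enabled system proxy, running Tor or socat processes, and anything executing from /Users/Shared. It assumes the standard macOS commands `scutil --proxy` and `ps -axo pid=,user=,comm=` as input, and the sample data is constructed.

```shell
# Added example: each function reads command output on stdin, so it also works on saved output.

# Input: `scutil --proxy`. Reports enabled proxy types and where they point.
proxy_findings() {
    awk -F' : ' '
        { key = $1; val = $2; gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+$/, "", val) }
        key ~ /Enable$/ && val == "1" { print "enabled " key }
        key ~ /^(HTTP|HTTPS|SOCKS)(Proxy|Port)$/ || key == "ProxyAutoConfigURLString" {
            print "target " key "=" val
        }'
}

# Input: `ps -axo pid=,user=,comm=`. Reports tor/socat processes and anything
# executing from /Users/Shared, with the owning user (root is the worst case).
proc_findings() {
    awk '{
        path = $0
        sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", path)   # drop pid and user
        n = split(path, parts, "/"); base = parts[n]
        if (base == "tor" || base == "socat")
            print "proxy-tool pid=" $1 " user=" $2 " " path
        else if (index(path, "/Users/Shared/") == 1)
            print "shared-exec pid=" $1 " user=" $2 " " path
    }'
}

# Constructed sample output (illustrative values, not captured from an infection).
sample_scutil() { cat <<'EOF'
<dictionary> {
  HTTPEnable : 0
  ProxyAutoConfigEnable : 1
  ProxyAutoConfigURLString : http://127.0.0.1:5555/example.pac
}
EOF
}
sample_ps() { cat <<'EOF'
  312 root     /usr/sbin/cfprefsd
  844 root     /usr/local/bin/socat
  845 root     /usr/local/bin/tor
  901 alice    /Users/Shared/Example.app/Contents/MacOS/Example
EOF
}

# On a Mac, check the live system; elsewhere, run over the constructed sample.
if [ "$(uname)" = "Darwin" ]; then
    scutil --proxy | proxy_findings; ps -axo pid=,user=,comm= | proc_findings
else
    sample_scutil | proxy_findings; sample_ps | proc_findings
fi
```

A proxy you did not configure yourself, or a root-owned tor or socat process, is the finding to escalate; a legitimate VPN or corporate proxy will also show up here and needs to be ruled out by hand.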


About Author Aaron J. Berg

Aaron J. Berg is the owner of Anet Computers, host of the Reality PC podcast, and blogger at For over thirteen years, he worked for Fortune 500 companies and the United States Federal government supporting computers. Now he helps you solve your most common computer problems.
